Saturday, September 20, 2008

An interesting cybercrime and politics story came out this week. Sarah Palin's Yahoo email account was hacked by a group called Anonymous and screenshots were posted on WikiLeaks. Hacking may be too strong a word; what seems to have occurred is more akin to social engineering, as the hackers admitted that they simply guessed the answers to Palin's Yahoo security questions correctly. The hacker reset the password by answering Palin's date of birth, postcode and where she met her husband (Wasilla High), all easily obtainable facts.

Now the FBI has become involved, as unauthorised access to someone else's email is a federal offence under the Stored Communications Act. The Act makes it a criminal offence to "intentionally accesses without authorization a facility through which an electronic communication service is provided". The perpetrator faces a fine or up to five years in jail if the access was done for "commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State". In any other case, the penalty is one year or a fine. However, the EFF has stated that prosecution may be difficult where the emails accessed had already been viewed or opened.

While I confess to feeling a pinch of schadenfreude at this case, there is something deeply wrong about accessing another person's email. What seems clear is that privacy settings for famous people are clearly inadequate, as the security questions are anything but.